Congressmen concerned about misuse of .cpa domain

A group of four lawmakers has sent a letter to an internet governing body expressing concern about how the proposed .cpa domain extension might be exploited by fraudsters pretending to be CPAs.

The American Institute of CPAs has been working to secure a .cpa domain string, in partnership with the Australian accounting body CPA Australia, since 2014. The two groups have pending bids for what is technically known as a “generic Top-Level Domain string,” or gLTDs, before the Internet Corporation for Assigned Names and Numbers, also known as ICANN, the global nonprofit that oversees internet namespaces.

Rep. Steve Pearce, R-N.M., Michael Conaway, R-Texas, Steve King, R-Ind., and Ruben Kihuen, D-Nev., are asking ICANN to develop and promulgate verification regulations for gTLDs that are at the most risk of fraud and abuse, including “.cpa.” Conaway is a CPA who is a member of Congress’s CPA Caucus.

In a letter last month, the lawmakers pointed out that a 2013 communique by ICANN's Governmental Advisory Committee identified several domain extensions connected to regulated or professional sectors, including the accounting profession. “The GAC recognized that ‘these [gTLDs] are likely to invoke a level of implied trust from consumers, and carry higher levels of risk associated with consumer harm,’” they wrote. “Further, the communique highlighted that gTLDs such as ‘.cpa’ could be used to deceive consumers of CPA services in the United States and around the world if granted to those outside the global CPA community.”

“Ultimately,” the lawmakers added, “the communique recommended ICAAN ‘[e]stablish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities,’ and specifically cited ‘.cpa’ as requiring "Category 1" safeguards.”

“Unfortunately, to date, ICANN has not fully implemented this recommendation,” they noted. “While it has taken steps in the right direction, gTLDs, such as ‘.cpa,’ are still not regulated in a way to prevent fraud and abuse. For a gTLD that has a strong connection to a regulated industry, such as ‘.cpa,’ the protection of the public against fraud or other illegal activities should be of paramount concern to ICANN. Strong, reliable verification procedures are essential to protect the public interest. The importance of the public trust to the CPA profession around the world cannot be overstated, and the potential harm to the public of fraudulent or illegal use of a ".cpa" domain is immense.”

The lawmakers are encouraging ICANN to come up with verification procedures for websites that try to claim .cpa domain names. “ICANN cannot combat fraud by simply requiring applicants to make a representation, without any verification,” they wrote. “We recognize that although such verification is not a simple task, but it is an essential one.”

As businesses grow and evolve, they add software and systems to manage departments, automate processes and provide insights into operations. This iterative process, done based on growth, competition and other factors, is rarely done holistically with long term goals in mind. The result is what many have deemed a "business system hairball". The emergence of cloud-based applications and Software-as-a-Service hasn’t eliminated the hairball, it’s just moved it to the cloud as low upfront costs facilitate departmental purchases without oversight from IT or costly hardware investments. Read this white paper to understand how most businesses find themselves with a business system hairball, and learn how a holistic business management platform like NetSuite could simplify your back-end systems and untangle the mess.